On 19th April 2012 the European Court of Justice (ECJ) handed down its preliminary ruling in the ePhone case (C-461/10), clarifying that companies may be ordered to disclose information about the user of an internet protocol address for the purpose of identifying suspected infringers of IP rights in civil proceedings.

Facts The ePhone case is a result of the Swedish implementation of the EU IP Enforcement Directive (2004/48/EC) and concerns the potential conflict between:

The rule allowing the disclosure of information.

The EU Data Retention Directive (2006/24/EC).

The EU Privacy and Electronic Communications Directive (2002/58/EC).

Five audiobook publishers requested an injunction ordering internet service provider (ISP) ePhone to provide the name and address of the person using the internet protocol address from which the applicants claimed that someone had infringed copyright-protected audiobooks using a file transfer protocol server via ePhone’s services. ePhone opposed the application, arguing that the injunction sought was contrary to the Data Retention Directive.

The application for an order to disclose the information was granted by the district court, but was then set aside by the Svea Court of Appeal, which found that the audiobook publishers had not adduced clear evidence that an IP right had been infringed. The audiobook publishers appealed to the Supreme Court, which found that doubts remained regarding the possible conflict between the rule allowing the disclosure of information and the Data Retention Directive, since no previous judgments had made reference to it. Therefore, the Supreme Court referred the matter to the ECJ for guidance on two questions:

Whether the Data Retention Directive prevents a national provision, based on Article 8 of the IP Enforcement Directive, that permits an order for disclosure of information stored by an ISP in civil proceedings for the purpose of identifying a suspected infringer of IP rights.

Whether the answer is affected by the fact that Sweden has not yet implemented the Data Retention Directive, even though the implementation period has expired.

ECJ judgment The ECJ initially stated that the Data Retention Directive constitutes a special and restricted legislation, which derogates from and replaces the EU Privacy and Electronic Communications Directive, and exclusively deals with the retention of data for the purpose of the investigation, detection and prosecution of serious crimes. As the national legislation at issue permits the disclosure of certain information in a civil copyright infringement case, the ECJ held that the material scope of the Data Retention Directive did not apply to the information at issue, and thus it was irrelevant that Sweden had not yet implemented the Data Retention Directive.

Furthermore, in order to provide a useful answer, the ECJ considered whether provisions of EU law not mentioned by the Swedish Supreme Court in its questions could be interpreted as precluding national legislation such as that at issue. With reference to previous judgments, the ECJ pointed out that, read together, the IP Enforcement Directive and the Privacy and Electronic Communications Directive neither prevent member states from having an obligation to disclose personal data in order to enable a private party to bring civil proceedings for copyright infringement, nor require member states to lay down such an obligation. However, the ECJ stressed that the legitimacy of national legislation which allows such disclosure is subject to the condition that the legislation enables the national courts to:

Weigh the conflicting interests involved.

Take into account the circumstances of each case.

Consider proportionality requirements.

In the present case, the ECJ found that the Swedish legislation ensured such a fair balance between protecting the personal data of internet users and protecting IP rights.

Implications The issue of whether the law prohibiting the illegal file sharing of copyright-protected material for private use can be enforced effectively has been much debated. The ECJ's ruling in this case may help to win the battle against illegal file sharing. However, the ECJ has left it to the national courts to determine on a case-by-case basis whether an obligation to disclose information regarding the user of an internet protocol address in order to identify an alleged illegal file sharer is legitimate. In this regard, the decision illustrates the ECJ’s attempt to achieve a fair balance between the protection of rights holders and the protection of privacy and personal data – an assessment which the Swedish Supreme Court will now have to make.